15 Actions You Can Take Right Now to Protect Your Privacy
UPDATED July 2020
It is no secret that American democracy is in for some dark years. Trump has threatened first amendment rights; threatened to jail his political opposition; condoned violence by his followers; stoked racism against every non-white ethnicity; and is openly cooperating with a belligerent foreign power, Russia, against his domestic political opposition.
If Trump continues following his authoritarian playbook, there will be more government surveillance and hacking without a warrant, weakening control of corporate surveillance, and increasing secret demands by government agencies for that corporate data. Resisting authoritarianism will not be easy or cheap, but for the sake of democracy we need to lose as few of these battles as possible. Resistance ultimately boils down to organizing in order to disrupt activity that would erode our democratic institutions, while keeping you and your loved ones free.
What follows are actions, in the form of tools and practices, that you can take immediately to protect your privacy as you organize resistance. All of these actions can be taken by non-technical persons who devote a few minutes to learning them, and all of them are legal. The key to protecting your privacy isn’t discovering one magic bullet, but a combination of tools and new practices that fit your current online habits.
Before we get to the tools and practices, however, let me address the objections you are already considering that will dissuade you from following these recommendations:
“I have nothing to hide.” If you actually believed this you would not wear clothes. Do you agree 100% with the outlook and policies of your government? We all have something to hide, even if just from advertisers or retailers. A government can leak information about a person and cause damage to that person through guilt by association, or use such information to deny services even if there was no wrongdoing. Privacy is the foundation of a free society. If you believe you have privacy rights, then claiming you have “nothing to hide” is irrelevant. Privacy is the right to control access to your person and your personal information, which means that it is you who determines access, not the government. Edward Snowden put it best when he said, “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
“I am not doing anything illegal.” Most people go through life believing that surveillance is only directed at the bad guys. However, the monitoring of individuals is now routine, and what is legal today can be illegal tomorrow. Given the complexity of federal law and regulations, if the FBI had access to every email you’ve ever written and every phone call you’ve ever made, it’s probable that they could discover at least one violation. In other words, you probably have done something illegal, but may not know it.
“I am not nearly interesting enough for anyone to care about my activities.” If you have a bank account, you can be targeted for identity theft. If you have ever attended a political event, consider yourself “interesting.” Would you feel comfortable if your medical history or sexual history was publicized? What about your Google search history? Everyone has a possible adversary, be it malware, a vindictive business partner, a common thief, criminal hacker, or government mass surveillance.
Now, on to the recommendations…
- Encrypt your smartphone chats and phone calls. Your chats and phone calls can be hacked by anyone with the right skills and technology. In many cases, that would mean hackers overhear calls to your mother or a conversation with your child about what to have for dinner. However, if you are concerned about people listening in on sensitive conversations, or simply value privacy for its own sake, download the Signal app. If messages are intercepted, they’ll be unreadable. It is easy to use and isn’t very different from how you call and text now. Spread the word to your friends; you might be surprised to discover some already using it. Signal says it saw a 400% increase in sign ups in the week after the presidential election.
- Use a Virtual Private Network. A VPN is a small application you fire up before browsing the internet that provides privacy by hiding your internet activity (from your ISP and your government). A VPN allows you to evade censorship (by a school, your place of work, your ISP, or a government agency) and protects you against hackers when using a public WiFi hotspot. Since a VPN spoofs your geographic location, you may also be able to access services unfairly denied to you based on that location. Even voice calling and Google searching is more secure over a VPN. My favorite is IPVanish because they do not log your activity and they have hundreds of servers around the world, but there are many similar solutions to choose from. [July 2020 update: Maintaining a secure VPN tunnel can be complex and requires regular maintenance. The NSA’s Central Security Service has released two documents (a full and an abridged version) on securing virtual private networks. Good stuff.]
- Encrypt your email. Email is an inherently insecure communications medium. Let me repeat: Email is an inherently insecure communications medium. Whenever you send an email it is cached on multiple servers en route to its destination. If Hillary Clinton can have her email hacked, so can you. The easiest way to encrypt your email is to use a service like ProtonMail. A more difficult way (experts only) is to use PGP. If you are unwilling to take either of these steps, do not send sensitive information via email unless you would be comfortable with it in skywriting.
- Avoid using public computers such as at a hotel business center or a library. These computers can be accessed by anyone so are usually riddled with viruses and key logging software that can capture any information you enter into the computer. If you must use a public computer, assume that whatever information you access or enter is public, so don’t check your bank statement or sign into any other sensitive accounts, including email.
- Do not use public wifi without using a VPN. In less than one hour, I could teach you how to hack the computer of someone using a public wifi — like at Starbucks or in an airport. Most people believe such skills are rare. The truth is that it is not only easy to do, but ridiculously so. I use public wifi all the time, but never without a VPN, so that if my connection is intercepted the information will be encoded gibberish.
- Use different passwords for different services. There are some very simple solutions to this problem that do not require any memorization, such as using a password manager. Having the same password for every account — or even a handful of passwords that you reuse — is needlessly dangerous.
- Use two-factor authentication whenever possible. Two-factor authentication is how some websites confirm you are who you say you are when you try to log in, usually by texting you a code which you then enter on the website. Here’s how to set it up for Facebook, Google, Microsoft products, and more. You can also use authenticator app codes. A good overview of the pros and cons of each method is here. If you really want to kick up your security a notch, get a prepaid phone that is only used for two-factor authentication.
- Be smart about browser plugins (or “extensions”), as some are intentionally malicious. Sometimes users will download a plug-in (despite warnings from their browsers) which will log your keystrokes, or funnel your search requests to a third party. Investigate a new plugin before you install by Googling its name and seeing what comes up. Here is a review of some great plugins, like Ghostery, that can help you maintain privacy.
- Keep your web browser up-to-date. Browser security teams work constantly to protect users from risks. Chrome pushes major new releases every six to eight weeks and will update automatically. If you use Internet Explorer, Firefox or Safari, verify that you are working with the latest version. What is the best browser? TOR.
- Use the TOR browser for online browsing instead of Chrome or Internet Explorer. TOR bounces your web traffic around a network of relays, making it difficult for anyone to track your online activity. The websites you visit aren’t able to collect data that would expose your physical location, for example, and you can access content that might otherwise be unavailable to people in your region. TOR isn’t perfect, but it can serve as an extra layer of protection. Download it here, and make sure you read the instructions on that page, because you will need to change your browsing habits.
- Encrypt your hard drive. Encrypting your entire hard drive offers protection in case your computer is ever lost, stolen or seized by the authorities. VeraCrypt is a good solution, and it is free. Note that the optional encryption on Windows 8.1 and up is not secure, since the encryption key is uploaded to Microsoft’s servers and can, therefore, be requested by government agencies. Apple’s OS X (10.7 Lion and above) has a native FileVault function that you should turn on.
- Keep your social media accounts secure. The National Police Chief’s Council in the UK in 2016 published a wonderfully detailed guide for just this purpose that is still relevant. Check it out.
- Cover your webcam with a piece of tape. This recommendation comes from the FBI. Webcams, whether built-in or attached via USB, are inherently risky. It does not matter if the webcam is switched on or not, you should simply assume that it is always on and open to intrusion. Anyone with physical access to your computer could load an application in less than a minute — even if your computer is locked — that can hijack the camera.
- Use digital cameras with caution. Every time you take a digital photo or video, geolocation tags are saved with the image, placing you and the subjects of the photo at a specific time and place. Avoid publishing photos directly from your phone. Instead, convert them to PNG file format (which does not have geotags) and publish them from your computer. Additionally, if you want to post photos to any social media service from your smartphone, change the permissions of your iOS or Android device to not report GPS coordinates to these applications.
- Ditch your smartphone entirely. I have saved the most difficult recommendation for last. That smartphone you love so much is a privacy nightmare that creates a trail of breadcrumbs detailing everywhere you go and who you spend time with. Divorce attorneys now routinely subpoena such data from the phone company to determine if a spouse’s phone has been in a bedroom other than their own. Moreover, the NSA can remotely access your contacts, text messages, notes, and location information about where you have been, as well as activate the camera and microphone without any indication that they have done so. If you must carry a smartphone, be mindful of where you bring it, and bury it in a bag or case to muffle the mic and block the camera.
In the next few years the robustness of American democratic institutions will be sorely tested. As you organize against creeping authoritarianism, these 15 recommendations can help keep you and your loved ones safe.
Chuck Beretz is a software consultant based in the California Republic. Follow him on Twitter @ChuckBeretz. Views expressed are his own.




